QUICK NEWS

{NEW} - A new css video is up.

{OLD} - New video courtesy of Skhilled, Thanks for posting it up.

Video of the moment:


Internal Links

SMF Sites

Quick Info

10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack

Started by Skhilled, Apr 02, 2023, 09:25 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Skhilled

A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.

https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/

LandyVlad

Even worse, the fix is removed after upgrading to Windows 11.

Well isn't that just marvelous.  >:(

QuoteIt is now close to ten years later, with the vulnerability known to be exploited by numerous threat actors. Yet, it remains an opt-in fix that can only be enabled by manually editing the Windows Registry.

So basically - only the technically minded, not most Windows users.

Quote"when a fix is optional, the masses aren't going to be protected," [/quote


QuoteBleepingComputer reached out to Microsoft about the continued abuse of this flaw and it only being an opt-in fix but has not received a reply.

Quelle Surprise.



Note - the article linked by @Skhilled does include the fix - the registry changes to be made manually.
Please do not PM me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.